author | Ruslan N. Marchenko <me@ruff.mobi> | 2020-11-25 22:37:48 +0100 |
---|---|---|
committer | Ruslan N. Marchenko <me@ruff.mobi> | 2020-11-26 23:05:04 +0100 |
commit | f35be864471bba3e9ba98f82dd6e1805ea902db8 (patch) | |
tree | b18c1cd904a9d3fe589671d1a407463a853d55a1 | |
parent | bc786634c6163ad5ad265fbd3045477cbc22141a (diff) | |
download | wocky-f35be864471bba3e9ba98f82dd6e1805ea902db8.tar.gz |
Make SCRAM tests independent from SASL2 availability and features
-rw-r--r-- | tests/wocky-connector-test.c | 28 | ||||
-rw-r--r-- | tests/wocky-dummy-xmpp-server.c | 2 | ||||
-rw-r--r-- | tests/wocky-test-connector-server.c | 7 | ||||
-rw-r--r-- | tests/wocky-test-connector-server.h | 3 | ||||
-rw-r--r-- | tests/wocky-test-sasl-auth-server.c | 63 | ||||
-rw-r--r-- | tests/wocky-test-sasl-auth-server.h | 3 |
6 files changed, 85 insertions, 21 deletions
diff --git a/tests/wocky-connector-test.c b/tests/wocky-connector-test.c index ab5e0f6..871997f 100644 --- a/tests/wocky-connector-test.c +++ b/tests/wocky-connector-test.c @@ -129,7 +129,8 @@ typedef void (*test_setup) (gpointer); typedef struct _ServerParameters ServerParameters; struct _ServerParameters { - struct { gboolean tls; gchar *auth_mech; gchar *version; } features; + struct { gboolean tls; gchar *auth_mech; gchar *version; gchar *need_mech; } + features; struct { ServerProblem sasl; ConnectorProblem conn; } problem; struct { gchar *user; gchar *pass; } auth; guint port; @@ -3359,6 +3360,7 @@ client_connected (GIOChannel *channel, srv->auth.user, srv->auth.pass, srv->features.version, + srv->features.need_mech, cproblem, srv->problem.sasl, srv->cert); @@ -3604,6 +3606,8 @@ run_test (gpointer data) g_free (path); /* end of cleanup block */ + if (test->server_parameters.features.need_mech == NULL) + test->server_parameters.features.need_mech = test->result.mech; start_dummy_xmpp_server (&test->server_parameters); setup_dummy_dns_entries (test); 
@@ -3827,22 +3831,18 @@ main (int argc, mainloop = g_main_loop_new (NULL, FALSE); -#ifdef HAVE_LIBSASL2 - for (i = 0; tests[i].desc != NULL; i++) g_test_add_data_func (tests[i].desc, &tests[i], (test_func)run_test); -#else - - g_message ("libsasl2 not found: skipping SCRAM SASL tests"); - for (i = 0; tests[i].desc != NULL; i++) - { - if (!wocky_strdiff (tests[i].result.mech, DEFAULT_SASL_MECH)) - continue; - g_test_add_data_func (tests[i].desc, &tests[i], (test_func)run_test); - } - -#endif + /* + * SASL2 support is ridiculous, you can find all possible combinations + * where some support SCRAM SHA1 only, other SCRAM SHA256, some even + * SCRAM SHA512. But it absolutely does not depend on the version, only + * on the build flags. The verdict - if SASL server doesn't return back + * DEFAULT_SASL_MECH - we just use in-house implementation. SASL2 becomes + * complimentary sanity cross-check feature. + * We'll do additional verification in the server initialisation code. + */ result = g_test_run (); test_deinit (); diff --git a/tests/wocky-dummy-xmpp-server.c b/tests/wocky-dummy-xmpp-server.c index 4bbc24a..f66d113 100644 --- a/tests/wocky-dummy-xmpp-server.c +++ b/tests/wocky-dummy-xmpp-server.c @@ -59,7 +59,7 @@ client_connected (GIOChannel *channel, g_io_channel_shutdown (channel, TRUE, NULL); gconn = g_object_new (G_TYPE_SOCKET_CONNECTION, "socket", gsock, NULL); server = test_connector_server_new (G_IO_STREAM (gconn), - NULL, "foo", "bar", "1.0", + NULL, "foo", "bar", "1.0", NULL, &cproblem, SERVER_PROBLEM_NO_PROBLEM, CERT_STANDARD); diff --git a/tests/wocky-test-connector-server.c b/tests/wocky-test-connector-server.c index 1796ed5..9d46810 100644 --- a/tests/wocky-test-connector-server.c +++ b/tests/wocky-test-connector-server.c @@ -95,6 +95,7 @@ struct _TestConnectorServerPrivate gboolean authed; TestSaslAuthServer *sasl; + gchar *must; gchar *mech; gchar *user; gchar *pass; 
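Review bot: The new comment in main() describes the fallback more broadly than this commit implements it. It says the in-house implementation is used whenever the SASL server does not return DEFAULT_SASL_MECH, while the fallback visible in test_sasl_auth_server_set_mechs keys on the per-test `need_mech` and only acts for names starting with `SCRAM-SHA-256`. I would reword it along the lines of `/* If libsasl2 does not offer the mechanism a test expects, the test server advertises it itself and serves it with wocky's own SCRAM code (currently SCRAM-SHA-256 only). */` and correct "complimentary" to "complementary". With the #ifdef removed every test is registered unconditionally, so a test expecting a SCRAM variant that has no fallback will presumably fail rather than be skipped.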
@@ -1301,7 +1302,7 @@ feature_stanza (TestConnectorServer *self) if (priv->sasl == NULL) priv->sasl = test_sasl_auth_server_new (NULL, priv->mech, priv->user, priv->pass, NULL, priv->problem.sasl, FALSE); - test_sasl_auth_server_set_mechs (G_OBJECT (priv->sasl), feat); + test_sasl_auth_server_set_mechs (G_OBJECT (priv->sasl), feat, priv->must); } if (problem & XMPP_PROBLEM_OLD_AUTH_FEATURE) @@ -1573,10 +1574,11 @@ xmpp_init (GObject *source, TestConnectorServer * test_connector_server_new (GIOStream *stream, - gchar *mech, + const gchar *mech, const gchar *user, const gchar *pass, const gchar *version, + const gchar *need_mech, ConnectorProblem *problem, ServerProblem sasl_problem, CertSet cert) @@ -1593,6 +1595,7 @@ test_connector_server_new (GIOStream *stream, priv->mech = g_strdup (mech); priv->user = g_strdup (user); priv->pass = g_strdup (pass); + priv->must = g_strdup (need_mech); priv->problem.sasl = sasl_problem; priv->problem.connector = problem; priv->conn = wocky_xmpp_connection_new (stream); diff --git a/tests/wocky-test-connector-server.h b/tests/wocky-test-connector-server.h index 4e781a3..31787aa 100644 --- a/tests/wocky-test-connector-server.h +++ b/tests/wocky-test-connector-server.h @@ -170,10 +170,11 @@ GType test_connector_server_get_type (void); TestConnectorServerClass)) TestConnectorServer * test_connector_server_new (GIOStream *stream, - gchar *mech, + const gchar *mech, const gchar *user, const gchar *pass, const gchar *version, + const gchar *need_mech, ConnectorProblem *problem, ServerProblem sasl_problem, CertSet cert); diff --git a/tests/wocky-test-sasl-auth-server.c b/tests/wocky-test-sasl-auth-server.c index f66736a..b1a0fd8 100644 --- a/tests/wocky-test-sasl-auth-server.c +++ b/tests/wocky-test-sasl-auth-server.c 
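Review bot: `priv->must = g_strdup (need_mech);` in test_connector_server_new allocates a copy that nothing in this commit releases. The seven changed lines the diffstat lists for tests/wocky-test-connector-server.c are all visible in these hunks, and none of them is a `g_free`. Wherever `priv->mech`, `priv->user` and `priv->pass` are released (presumably the finalize handler, which is outside this diff), add `g_free (priv->must);`. A short comment on the new field, e.g. `/* mechanism the server must advertise even if libsasl2 lacks it */`, would also explain how it differs from `mech`.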
@@ -225,7 +225,7 @@ stream_open_sent (GObject *source, /* Send stream features */ stanza = wocky_stanza_new ("features", WOCKY_XMPP_NS_STREAM); - test_sasl_auth_server_set_mechs (G_OBJECT (self), stanza); + test_sasl_auth_server_set_mechs (G_OBJECT (self), stanza, NULL); wocky_xmpp_connection_send_stanza_async (priv->conn, stanza, priv->cancellable, features_sent, user_data); @@ -833,6 +833,25 @@ handle_auth (TestSaslAuthServer *self, WockyStanza *stanza) else ret = SASL_NOUSER; } + else if (priv->scram && g_str_has_prefix (priv->selected_mech, "SCRAM-SHA-")) + { + ScramRes res = { self, NULL, FALSE }; + + wocky_sasl_scram_server_start_async (priv->scram, (gchar *) response, + handle_auth_cb, priv->cancellable, &res); + + while (!res.complete) + g_main_context_iteration (NULL, FALSE); + + if (res.challenge) + { + ret = 1; /* SASL_CONTINUE */ + challenge = res.challenge; + challenge_len = strlen (challenge); + } + else + ret = SASL_NOUSER; + } else { #if HAVE_LIBSASL2 @@ -1015,6 +1034,25 @@ handle_response (TestSaslAuthServer *self, WockyStanza *stanza) else ret = SASL_BADAUTH; } + else if (priv->scram && g_str_has_prefix (priv->selected_mech, "SCRAM-SHA-")) + { + ScramRes res = { self, NULL, FALSE }; + + wocky_sasl_scram_server_step_async (priv->scram, (gchar *) response, + handle_response_cb, priv->cancellable, &res); + + while (!res.complete) + g_main_context_iteration (NULL, FALSE); + + if (res.challenge) + { + ret = SASL_OK; + challenge = res.challenge; + challenge_len = strlen (challenge); + } + else + ret = SASL_BADAUTH; + } else { #ifdef HAVE_LIBSASL2 
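Review bot: The new branch in handle_auth sends every mechanism whose name starts with `SCRAM-SHA-` to `priv->scram` once that object exists, yet the only place this commit creates it fixes `hash-algo` to G_CHECKSUM_SHA256. If libsasl2 still advertises another SCRAM variant and the client selects it, the exchange would run against the wrong hash; comparing `priv->selected_mech` with the mechanism the object was created for would avoid that, and the same condition is repeated in the handle_response hunk at -1015. Separately, `while (!res.complete) g_main_context_iteration (NULL, FALSE);` spins without blocking, and passing `TRUE` as the second argument lets the loop sleep until a source is ready. `ret = 1; /* SASL_CONTINUE */` would read better as a named constant defined wherever SASL_NOUSER comes from in builds without libsasl2. handle_auth starts and ends outside this hunk.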
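Review bot: In handle_response the SCRAM step is reported as `SASL_OK` whenever `res.challenge` is non-NULL, so success is inferred from the presence of reply data rather than from the outcome of `wocky_sasl_scram_server_step_async`. `handle_response_cb` is not part of this diff; if it can ever store a reply for a failed proof (a server-final error message, for instance), the test server would accept a bad password and the negative authentication tests would lose their meaning. I would record the outcome explicitly in `ScramRes` (a `GError *` or a success flag set by the callback) and map that to `SASL_OK` or `SASL_BADAUTH`. The function body continues outside the hunk.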
@@ -1315,12 +1353,15 @@ test_sasl_auth_server_auth_async (GObject *obj, } gint -test_sasl_auth_server_set_mechs (GObject *obj, WockyStanza *feat) +test_sasl_auth_server_set_mechs (GObject *obj, + WockyStanza *feat, + const gchar *must) { int ret = 0; TestSaslAuthServer *self = TEST_SASL_AUTH_SERVER (obj); TestSaslAuthServerPrivate *priv = self->priv; WockyNode *mechnode = NULL; + gboolean hazmech = FALSE; if (priv->problem != SERVER_PROBLEM_NO_SASL) { @@ -1355,8 +1396,26 @@ test_sasl_auth_server_set_mechs (GObject *obj, WockyStanza *feat) { wocky_node_add_child_with_content (mechnode, "mechanism", *tmp); + if (!hazmech && !wocky_strdiff (*tmp, must)) + hazmech = TRUE; } g_strfreev (mechlist); + + if (!hazmech && must != NULL + && g_str_has_prefix (must, "SCRAM-SHA-")) + { + /* as said before, this is ridiculous so let's fix that */ + if (g_str_has_prefix (must, "SCRAM-SHA-256")) + { + if (priv->scram == NULL) + priv->scram = g_object_new (WOCKY_TYPE_SASL_SCRAM, + "server", "whatever", + "hash-algo", G_CHECKSUM_SHA256, + NULL); + wocky_node_add_child_with_content (mechnode, + "mechanism", must); + } + } } } return ret; diff --git a/tests/wocky-test-sasl-auth-server.h b/tests/wocky-test-sasl-auth-server.h index 0c89c6f..2fe8007 100644 --- a/tests/wocky-test-sasl-auth-server.h +++ b/tests/wocky-test-sasl-auth-server.h @@ -101,7 +101,8 @@ TestSaslAuthServer * test_sasl_auth_server_new (GIOStream *stream, void test_sasl_auth_server_stop (TestSaslAuthServer *self); -gint test_sasl_auth_server_set_mechs (GObject *obj, WockyStanza *feat); +gint test_sasl_auth_server_set_mechs (GObject *obj, WockyStanza *feat, + const gchar *must); G_END_DECLS |
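Review bot: The fallback block after `g_strfreev (mechlist)` tests `must` against two nested prefixes, and only the inner `SCRAM-SHA-256` one does anything. A required `SCRAM-SHA-1` or `SCRAM-SHA-512` that libsasl2 lacks therefore falls through silently, and the test fails later with no hint why. The prefix match also accepts `SCRAM-SHA-256-PLUS`, which would then be advertised although nothing visible here sets up channel binding. If only the plain variant is meant, I would collapse the check to `if (!hazmech && !wocky_strdiff (must, "SCRAM-SHA-256"))` and report the unhandled case with something like `g_test_message ("no in-house fallback for %s", must);`. The comment `/* as said before, this is ridiculous so let's fix that */` points at a comment in another file; stating what the block does (advertise the required mechanism and create the in-house SCRAM object) would serve the next reader better.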